Fix var reference;Upgrade version;Add LDAP configuration

2023-02-13 12:04:32 +01:00 · 2023-02-13 12:04:32 +01:00 · 9e7eaf2ff7
commit 9e7eaf2ff7
parent 7931b1ed44
3 changed files with 56 additions and 2 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
@ -73,7 +73,7 @@
        labels:
          ova.airgappedk8s/moref_id: "{{ moref_id }}"
    kubeconfig: "{{ kubeconfig.path }}"
-  register: patch_result
+  register: k8snode_patch
  until:
    - k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined
  retries: "{{ playbook.retries }}"
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -56,7 +56,7 @@ components:

  argo-cd:
    helm:
-      version: 5.20.1  # (= ArgoCD v2.6.0)
+      version: 5.20.3  # (= ArgoCD v2.6.1)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -105,6 +105,33 @@ components:
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        config:
+          connectors:
+            - type: ldap
+              id: ldap
+              name: "LDAP"
+              config:
+                host: {{ vapp['ldap.fqdn'] }}:636
+                insecureNoSSL: false
+                insecureSkipVerify: true
+                bindDN: {{ vapp['ldap.dn'] }}
+                bindPW: {{ vapp['ldap.password'] }}
+
+                usernamePrompt: "Username"
+                userSearch:
+                  baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
+                  filter: "(objectClass=person)"
+                  username: userPrincipalName
+                  idAttr: DN
+                  emailAttr: userPrincipalName
+                  nameAttr: cn
+
+                groupSearch:
+                  baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
+                  filter: "(objectClass=group)"
+                  userMatchers:
+                  - userAttr: DN
+                    groupAttr: member
+                  nameAttr: cn
          enablePasswordDB: true
          issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
          storage:
--- a/scripts/Update-OvfConfiguration.bootstrap.yml
+++ b/scripts/Update-OvfConfiguration.bootstrap.yml
@ -187,6 +187,33 @@ PropertyCategories:
    Configurations: '*'
    UserConfigurable: true

+- Name: 6) Identity provider
+  ProductProperties:
+
+  - Key: ldap.fqdn
+    Type: string(1..)
+    Label: LDAP server FQDN/IP-address*
+    Description: The address of the LDAP server which this bootstrap appliance will perform LDAP queries against.
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: ldap.dn
+    Type: string(1..)
+    Label: LDAP bind distinguished name*
+    Description: The username which this bootstrap appliance will use for LDAP queries.
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: ldap.password
+    Type: password(1..)
+    Label: LDAP bind password*
+    Description: The password which this bootstrap appliance will use for LDAP queries.
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
 ---
 Variables:
 - Name: hostname.suffix